U.S. President Barack Obama looks up as he signs an Executive Order to encourage and promote sharing of cybersecurity threat information within the private sector and between the private sector and government after speaking at the Summit on Cybersecurity and Consumer Protection at Stanford University in Palo Alta, California February 13, 2015.
Underscoring the seriousness of recent cyber-attacks, the Obama Administration is seeking to establish cybersecurity standards and enact new federal laws to cover cybercrimes. The common thread throughout these recent announcements has been the importance of collaboration among business and government sectors to stop cyber-attacks and strengthen national security. However, it remains to be seen which of these proposals, if any, will be enacted into law. It is equally uncertain whether the protections afforded to the business community will satisfy businesses, or take into account the practical issues that they face every day.
In his State of the Union Address on Jan. 20, President Obama announced the need for federal cybersecurity legislation, urging Congress to "finally pass the legislation we need to better meet the evolving threat of cyber-attacks." The President's proposal would require companies to notify affected consumers within 30 days after a data breach is discovered. The proposed legislation would likely preempt state data breach laws, and not be an additional regulation with which businesses must comply, although some states have objected. The President also proposed legislation which would amend the Racketeering Influenced and Corrupt Organizations Act (RICO) to allow cybercrimes to be a basis for RICO prosecutions, while the Computer Fraud and Abuse Act would be updated to cover corporate who misuse confidential information.
Less than a month later on Feb. 13, President Obama hosted a Cybersecurity Summit at Stanford University ("Summit") for the government, public and private sectors to discuss the importance of cybersecurity collaboration. At the Summit, the President announced his own executive order appointing Homeland Security, rather than the NSA, to spearhead the Administration's cybersecurity efforts, likely in an effort to repair the strained relations between the private sector and the government since the exposure of the NSA's data surveillance techniques.
The President's executive order further emphasized the need for the private sector to share cyber threat information with federal agencies through private sector networks called Information Sharing and Analysis Organizations (ISAO). However, although "targeted liability protection" has been enacted.
Additionally, on Feb. 25 the White House announced the creation of the Cyber Threat Intelligence Integration Center (CTIIC). The agency's mission again emphasized the need for collaboration. However, the purpose of the CTIIC is to encourage cross-dissemination and analysis of cyber threats between three existing federal cybersecurity agencies--the National Cyber Investigative Joint Task Force (NCIJTF), National Cybersecurity and Communications Integration Center (NCCIC), and U.S. Cyber Command.
Sign up for CIO Asia eNewsletters.